Hi,
We have set up a grommunio (supported version) and FreeIPA as the LDAP backend.
Grommunio did successfully connect to the FreeIPA instance, and the users in grommunio can auth against their LDAP password.
BUT(!) grommunio won't find any groups if the ldap_group_addr is set to mail.
For instance, this is the ldap_adaptor.cfg which is generated by the Admin UI:
```
# Configuration automatically generated by grommunio-admin.
ldap_disabled=False
ldap_host=ldap://<freeipaip>:389
ldap_bind_user=uid=ldapuser,cn=users,cn=accounts,dc=my,dc=company
ldap_bind_pass=<password>
ldap_start_tls=False
ldap_search_base=cn=accounts,dc=my,dc=company
ldap_object_id=ipaUniqueID
ldap_mail_attr=mail
ldap_user_displayname=displayName
ldap_user_filter=(objectClass=posixAccount)
ldap_contact_filter=(&(|(objectclass=person)(objectclass=inetOrgPerson))(!(objectclass=posixAccount)))
ldap_user_search_attrs=mail
ldap_user_search_attrs=givenName
ldap_user_search_attrs=cn
ldap_user_search_attrs=sn
ldap_user_search_attrs=displayName
ldap_user_search_attrs=uid
ldap_user_templates=common
ldap_user_templates=389ds
ldap_user_aliases=mail
ldap_group_addr=mail
ldap_group_filter=(&(objectclass=mailGroup)(objectClass=posixgroup))
ldap_group_name=cn
ldap_group_memberof=memberOf
```
If we change ldap_group_addr to cn and run grommunio-admin ldap downsync -cf, grommunio will find those groups with the objectclass mailGroup but will refuse to import them, as they don't match the domain (which makes sense).
What I don't get is why grommunio won't see the groups when the ldap_group_addr is set to mail.
This should be valid.
Has anybody had the same issue and maybe a workaround?